General
-
Target
54b957849ed27245d83da62afb8adaa184e9e91934d99988a676f2f97c97556e.exe
-
Size
1.7MB
-
Sample
250109-blr5xatqfj
-
MD5
d2aa907a5c14b7acb1b00f7a03dd9890
-
SHA1
a1b53566124052a4537065e6e63009ecffc9fbe7
-
SHA256
54b957849ed27245d83da62afb8adaa184e9e91934d99988a676f2f97c97556e
-
SHA512
eba1f2e8858da3ff856594d8b2fea67f0416ce0f36fb92ae01b9b13028e9a216a833e06f7ac0838f3a0cf6488a11685138e8911ea4e07dca417fb054d5b1256e
-
SSDEEP
49152:LMEi3MPI2LfxlIFwSzQAwT/0JVvyJF2+OXkFw+bB/Z:I93J2b3SzQAwTEVvU2+mkFXB/Z
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
54b957849ed27245d83da62afb8adaa184e9e91934d99988a676f2f97c97556e.exe
-
Size
1.7MB
-
MD5
d2aa907a5c14b7acb1b00f7a03dd9890
-
SHA1
a1b53566124052a4537065e6e63009ecffc9fbe7
-
SHA256
54b957849ed27245d83da62afb8adaa184e9e91934d99988a676f2f97c97556e
-
SHA512
eba1f2e8858da3ff856594d8b2fea67f0416ce0f36fb92ae01b9b13028e9a216a833e06f7ac0838f3a0cf6488a11685138e8911ea4e07dca417fb054d5b1256e
-
SSDEEP
49152:LMEi3MPI2LfxlIFwSzQAwT/0JVvyJF2+OXkFw+bB/Z:I93J2b3SzQAwTEVvU2+mkFXB/Z
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-